CVE-2020-8284
LOW 3.7, EPSS 0.08%
curl - security update
Published: 2020/12/14
Modified: 2025/12/3
Also known as: ALPINE-CVE-2020-8284
Description
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
Affected packages (3)
- Alpine/curl from 0, < 7.79.0-r0
- Debian/curl from 0, < 7.74.0-1
- Debian/curl from 0, < 7.52.1-5+deb9u13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |